package com.cc.shiro.demo.controller;

import com.cc.shiro.demo.entity.User;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

/**
 * @Description: Demo controller for Apache Shiro login and a permission-protected admin page.
 * @Auther: 新梦想*陈超
 * @Date: 2019-12-16 10:35
 */
@Controller
@RequestMapping("/user")
public class UserController {

    /**
     * Serves the login page.
     *
     * @return the view name {@code "login"}
     */
    @RequestMapping("/toLogin")
    public String toLogin() {
        return "login";
    }

    /**
     * Authenticates the submitted credentials through the current Shiro {@link Subject}.
     *
     * <p>NOTE(review): the mapping does not restrict the HTTP method, so this handler is not
     * limited to POST. Confirm the login form posts its fields; credentials carried in a query
     * string tend to end up in access logs and browser history.
     *
     * <p>NOTE(review): {@code Subject.login} reports a failed attempt by throwing
     * {@code AuthenticationException}, and nothing in this method catches it. Confirm that a
     * handler elsewhere turns it into one generic "login failed" response that does not
     * distinguish an unknown account from a wrong password.
     *
     * @param user object supplying the username and password (presumably bound from the request
     *             parameters; verify against the login form)
     * @return the view name {@code "success"} when {@code login} returns without throwing
     */
    @RequestMapping("/login")
    public String login(User user) {
        // Resolve the caller's Subject first, then wrap the submitted credentials in a token.
        Subject currentUser = SecurityUtils.getSubject();
        UsernamePasswordToken credentials =
                new UsernamePasswordToken(user.getUsername(), user.getPassword());
        currentUser.login(credentials);
        return "success";
    }

    /**
     * Returns the admin landing text as the response body.
     *
     * <p>Access is declared through {@code @RequiresPermissions} and needs the
     * {@code user:update} permission. NOTE(review): the annotation is only enforced when Shiro's
     * annotation (AOP) support is enabled in the application configuration, which is not visible
     * in this file; verify it, otherwise this endpoint is effectively unprotected.
     *
     * @return the fixed admin-page message
     */
    // Role-based alternative, currently disabled: @RequiresRoles("admin")
    @RequiresPermissions("user:update")
    @RequestMapping("/admin/index") // admin landing page
    @ResponseBody
    public String toAdminIndex() {
        return "这里是后台首页，管理员必须登录后才能访问这个数据！！";
    }
}
